Painless Application Security with Apache Shiro

Short Form


Securing your applications can be a painful and confusing process, but it doesn't have to be. Apache Shiro simplifies all aspects of application security without sacrificing power or flexibility. Les Hazlewood, Apache Shiro PMC Chair, will explain all of Shiro's core features and demonstrate how to easily secure your own application- from small mobile to large enterprise applications.


Apache Shiro is a flexible open-source application security framework that supports the four cornerstones of application security: authentication, authorization, enterprise session management, and cryptography. It is in use at over 100,000 organizations – from big governent to tiny apps – and has an extremely active community and well-documented codebase.

Join us to learn:

Why you might want to use Shiro instead of alternatives like JAAS or Spring Security

The core architectural concepts of the framework
How to enable all four cornerstones for any application (standalone, mobile phone, web based, etc)
An overview of Shiro’s innovative web support module and security filtering capabilities

Speaking experience

I have spoken at widely on technical topics, including at OSCON and Java user groups throughout the bay area.


  • Les Hazlewood

    Apache Shiro / Stormpath


    Les Hazlewood is the Apache Shiro PMC Chair and co-founder and CTO of Stormpath. Prior to forming Stormpath, he held senior architectural positions at Bloomberg and Delta Airlines and he was former CTO of a software engineering firm supporting educational and government agencies. Les has been actively involved in Open Source development for more than 10 years, committing or contributing to projects like the Spring Framework, JBoss, and of course Apache Shiro. Les has a BS in Computer Science from Georgia Tech, currently lives in San Mateo, CA and practices Kendo and studies Japanese when he’s not banging out code.